-rw-r--r--sos/plugins/selinux.py29
1 files changed, 8 insertions, 21 deletions
diff --git a/sos/plugins/selinux.py b/sos/plugins/selinux.py
index c3501eec..d35010a7 100644
--- a/sos/plugins/selinux.py
+++ b/sos/plugins/selinux.py
@@ -17,30 +17,17 @@ from sos.plugins import Plugin, RedHatPlugin
class selinux(Plugin, RedHatPlugin):
"""selinux related information
"""
+
option_list = [("fixfiles", 'Print incorrect file context labels', 'slow', False)]
+ packages = ('libselinux',)
+
def setup(self):
# sestatus is always collected in check_enabled()
self.add_copy_spec("/etc/selinux")
if self.get_option('fixfiles'):
- self.add_cmd_output("fixfiles check")
- self.add_forbidden_path("/etc/selinux/targeted")
-
- if not self.policy().pkg_by_name('setroubleshoot'):
- return
+ self.add_cmd_output("fixfiles -v check")
+ self.add_cmd_output("sestatus -b")
+ self.add_cmd_output("selinuxdefcon root")
+ self.add_cmd_output("selinuxconlist root")
+ self.add_cmd_output("selinuxexeccon /bin/passwd")
- # Check for SELinux denials and capture raw output from sealert
- if self.policy().default_runlevel() in self.policy().runlevel_by_service("setroubleshoot"):
- # TODO: fixup regex for more precise matching
- sealert=do_regex_findall(r"^.*setroubleshoot:.*(sealert\s-l\s.*)","/var/log/messages")
- if sealert:
- for i in sealert:
- self.add_cmd_output("%s" % i)
- self.add_alert("There are numerous selinux errors present and "+
- "possible fixes stated in the sealert output.")
- def check_enabled(self):
- try:
- if self.get_cmd_output_now("sestatus", root_symlink = "sestatus").split(":")[1].strip() == "disabled":
- return False
- except:
- pass
- return True
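Review bot: The context comment at the top of `setup()`, `# sestatus is always collected in check_enabled()`, is stale after this change, because `check_enabled()` is deleted further down in the same hunk and sestatus is now gathered by the added `sestatus -b` call; I would drop it or replace it with `# sestatus -b also lists the current policy booleans`. Separately, removing `self.add_forbidden_path("/etc/selinux/targeted")` means `add_copy_spec("/etc/selinux")` now appears to collect the whole policy tree, which can be large and ends up in a report that is shared off the host; if that is intended it deserves a line in the commit message, otherwise keep the forbidden path. With enablement moving to `packages = ('libselinux',)`, the new `selinuxdefcon`, `selinuxconlist` and `selinuxexeccon` calls will presumably also run on hosts where SELinux is disabled, so a short comment saying their output may be only an error there would help whoever reads the report.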